Vulnerability Details : CVE-2008-2363
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-2363
Probability of exploitation activity in the next 30 days: 4.08%
Percentile (the proportion of vulnerabilities scored at or below this value): ~91%
CVSS scores for CVE-2008-2363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2008-2363
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2008-2363
- Red Hat (2008-06-03): Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan.
References for CVE-2008-2363
- http://bugs.gentoo.org/show_bug.cgi?id=224051 (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=446902
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:201
- http://www.securityfocus.com/bid/29421 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42750
- http://marc.info/?l=oss-security&m=121207185600564&w=2 (Patch)
- http://security.gentoo.org/glsa/glsa-200807-15.xml
- http://bugzilla.gnome.org/show_bug.cgi?id=535413 (Patch)
- http://www.novell.com/linux/security/advisories/2008_13_sr.html
Products affected by CVE-2008-2363
- cpe:2.3:a:pan:pan:*:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.129:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.130:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.124:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.123:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.115:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.114:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.107:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.106:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.126:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.125:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.117:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.116:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.109:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.108:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.128:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.127:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.119:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.118:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.111:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.110:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.131:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.122:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.121:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.120:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.113:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.112:*:*:*:*:*:*:*
- cpe:2.3:a:pan:pan:0.105:*:*:*:*:*:*:*